CVE-2013-3693

2013-10-1122:00:00

mitre

www.cve.org

blackberry

enterprise service

jboss remote method invocation

remote attackers

arbitrary packages

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

References

btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

secunia.com/advisories/55187